feat: Add firezone VPN
parent
25a71a68ef
commit
8fe3eb25ab
4 changed files with 84 additions and 0 deletions
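--- a/docs/services/firezone.md
+++ b/docs/services/firezone.md
@@ -0,0 +1,23 @@
+# Firezone
+
+[Firezone](https://www.firezone.dev/) is a self-hosted VPN server with Web UI.
+
+To enable Firezone add the following to your `vars.yml`:
+
+```yaml
+##############
+## FIREZONE ##
+##############
+
+firezone_enabled: true
+firezone_hostname: example.org
+
+firezone_default_admin_email: "user@invalid.org"
+firezone_default_admin_password: "<securepassword>"
+
+# Generate this with `openssl rand -base64 32`
+firezone_database_encryption_key: "<secret>"
+```
+
+Use `ansible-playbook -i inventory/hosts setup.yml --tags=firezone-create-or-reset-admin` to create the configured
+admin account or reset the password to the password set in `vars.yml`.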
|
@ -116,6 +116,8 @@ devture_systemd_service_manager_services_list_auto: |
|
||||||
([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else [])
|
([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']}] if hubsite_enabled else [])
|
([{'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']}] if hubsite_enabled else [])
|
||||||
|
+
|
||||||
|
([{'name': (firezone_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'firezone']}] if firezone_enabled else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
|
@ -194,6 +196,12 @@ devture_postgres_managed_databases_auto: |
|
||||||
'password': peertube_config_database_password,
|
'password': peertube_config_database_password,
|
||||||
}] if peertube_enabled else [])
|
}] if peertube_enabled else [])
|
||||||
+
|
+
|
||||||
|
([{
|
||||||
|
'name': firezone_database_name,
|
||||||
|
'username': firezone_database_user,
|
||||||
|
'password': firezone_database_password,
|
||||||
|
}] if firezone_enabled else [])
|
||||||
|
+
|
||||||
([{
|
([{
|
||||||
'name': vaultwarden_database_name,
|
'name': vaultwarden_database_name,
|
||||||
'username': vaultwarden_database_username,
|
'username': vaultwarden_database_username,
|
||||||
|
@ -1256,3 +1264,50 @@ hubsite_service_list_auto: |
|
||||||
# /hubsite #
|
# /hubsite #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# firezone #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
firezone_enabled: false
|
||||||
|
|
||||||
|
firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone"
|
||||||
|
|
||||||
|
firezone_base_path: "{{ mash_playbook_base_path }}/firezone"
|
||||||
|
|
||||||
|
firezone_uid: "{{ mash_playbook_uid }}"
|
||||||
|
firezone_gid: "{{ mash_playbook_gid }}"
|
||||||
|
firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"
|
||||||
|
|
||||||
|
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
|
||||||
|
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
|
||||||
|
firezone_database_name: "{{ firezone_identifier }}"
|
||||||
|
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
|
||||||
|
firezone_database_user: "{{ firezone_identifier }}"
|
||||||
|
|
||||||
|
firezone_systemd_required_services_list: |
|
||||||
|
{{
|
||||||
|
(['docker.service'])
|
||||||
|
+
|
||||||
|
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier else [])
|
||||||
|
}}
|
||||||
|
|
||||||
|
firezone_container_additional_networks: |
|
||||||
|
{{
|
||||||
|
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
|
||||||
|
+
|
||||||
|
([devture_postgres_container_network] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else [])
|
||||||
|
}}
|
||||||
|
|
||||||
|
firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
|
||||||
|
firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
|
||||||
|
firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||||
|
firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /firezone #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
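Review bot: The line `firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"` hands the playbook-wide master secret to the Firezone role unchanged, while the database password a few lines below derives a service-specific value from that same key via `password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid`. If the Firezone configuration is ever exposed (container environment, backups, logs), the raw key from which the other derived secrets in this playbook are presumably computed is exposed with it, rather than one service-scoped value. Consider deriving it with its own salt in the same style, e.g. `firezone_generic_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.generic', rounds=655555) | to_uuid }}"` (salt is an example), after confirming the length and format the role expects for this variable, which is not visible in this commit. This hunk is the only place in the commit where the value is set, so the change is self-contained.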
|
@ -122,3 +122,7 @@
|
||||||
- src: git+https://github.com/moan0s/hubsite.git
|
- src: git+https://github.com/moan0s/hubsite.git
|
||||||
name: hubsite
|
name: hubsite
|
||||||
version: da6fed398a9dd0761db941cb903b53277c341cc6
|
version: da6fed398a9dd0761db941cb903b53277c341cc6
|
||||||
|
|
||||||
|
- src: git+https://github.com/moan0s/role-firezone.git
|
||||||
|
name: firezone
|
||||||
|
version: 9916b11161b3cdf3485c6b3c475573fc90cd1823
|
||||||
|
|
|
@ -60,6 +60,8 @@
|
||||||
- role: galaxy/docker_registry_browser
|
- role: galaxy/docker_registry_browser
|
||||||
- role: galaxy/docker_registry_purger
|
- role: galaxy/docker_registry_purger
|
||||||
|
|
||||||
|
- role: galaxy/firezone
|
||||||
|
|
||||||
- role: galaxy/focalboard
|
- role: galaxy/focalboard
|
||||||
|
|
||||||
- role: galaxy/gitea
|
- role: galaxy/gitea
|
||||||
|
|